I was wondering about this scenario. You are hired to do pentest and while doing your pentest, you have to successfully compromise the target system (Windows or Linux). You started to look around for Windows, you run sc or sc query commands, net and etc sommands.
How would you know that the target system(s) had been compromised so that you can turn the pentest into investigation/forensic phase, given that fact that you are a pentester pro. not incident handler or forensic invetigator?
Are there specific skills that you need to have being a pentester in order to find traces of a compromised systems?
Your turn, any idea/suggestions?